U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor'
SpzToid writes "U.S. Secretary of Defense Leon E. Panetta has warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government.' Countries such as Iran, China, and Russia are claimed to be motivated to conduct such attacks (though in at least Iran's case, it could be retaliation). Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress. I think the following message from Richard Bejtlich is more wise and current: 'We would be much better served if we accepted that prevention eventually fails, so we need detection, response, and containment for the incidents that will occur.' Times do change, even in the technology sector. Currently Congress is preoccupied with the failure of U.S. security threats in Benghazi, while maybe Leon isn't getting the press his recent message deserves?"
Haliburton now has a kompootar division that needs money.
You mean, the US could spend less money on fearmongering, sting operations to trick poor and socially outcast citizens into conducting fake terrorist attacks for TV. Far-flung surveillance systems, which don't work.
Instead of this crazy cloak and dagger shit, they could have invested in systems that were secure by default, and well coded that would resist cyber assault. In fact with the money spent, I'm sure they could simply have paid many, many, many programmers to do nothing but check and re-double check code, fuzz, and re-fuzz a bunch of apps until cyber break-ins were not feasible.
I am sure they could have done the same with all routers, and in the case of a massive foreign DDoS, simply firewalled it.
Honestly... does this come as any surprise to anyone on /.?
When I heard about Flame and Stuxnet it was as if every cyberfiction story I read in the 80's had finally come true. Mentally, I'm already prepared.
Bring on the onslaught of Jihadist Erectile Dysfunction Spam!
In the future, I would want to not be isolated from my friends in the Space Station.
They just have to make all U.S. routers drop packets with the Evil bit set. Problem solved.
The Tao of math: The numbers you can count are not the real numbers.
I could never understand why America doesn't improve its cybersecurity, but if the plan is the same as with Pearl Harbor that would explain it. The US leaves their systems open and lures China to attack them to get a convincing casus belli for their counterattack, just like they did in WW2.
If control to the nation's power grid is accessible over the internet, then we have problems far more serious than hackers. It's almost like the head of Homeland Security doesn't even know how to use email.
I vote to call it Perl Harbor. You know, hackers and stuff...
Ezekiel 23:20
So it would be a line noise attack?
The Tao of math: The numbers you can count are not the real numbers.
Why not leave them on an intranet
No! Never connect critical computer systems to an intranet (assuming you mean a general purpose internal network).
It's just too easy for a worm infection to create a bridge with the internet, or some person connecting his laptop to his phone to read slashdot and thereby creating a bridge.
These systems should be on their own network, and all communication should be encrypted using public-private key pairs (secure tunnels, so systems can only communicate with other systems when they're allowed to). Managing the keys/tunnels would be a hassle (making sure an authorized human is in the loop), but good security always has its costs.
http://www.pcmag.com/article2/0,2817,2410931,00.asp
He's still good for entertainment some days. And he's got this one nailed: "Cyber War? Bring It On! : The so-called imminent threat of cyber-attack by U.S. enemies is another in a long line of fear-mongering propaganda lines."
I'm guessing: The U.S. Secretary of Defense has no knowledge of computer technology whatsoever, except what he learned from his children. But he wants to be cool, seem knowledgeable, get his name in the news, and get government contracts for associates, so he put his name on a scary memo written by his staff, who also have such associates.
That's a guess, but it seems a likely guess given the fact that technically knowledgeable people use different language and recommend examination of code for security problems and sloppiness.
Some of those who want government corruption want continuous war because government "defense" contracts provide easy profits, and it is easy to keep corruption secret.
If they get easy money, the corrupters don't care who is killed, what lives and property are destroyed, or how much money is wasted. For example, the book Funding the Enemy: How U.S. Taxpayers Bankroll the Taliban provides a huge amount of detail about a small part of the corruption.
Divide the cost to the U.S. taxpayer of just the war in Afghanistan ($574,624,781,538) by the population of Afghanistan (35,320,445). The U.S. taxpayer has already paid 16,268 hard-earned dollars for every man, woman, and child in Afghanistan. The results: Mostly, things are worse.
If those who want corruption can't get the taxpayers to pay for killing other people, they want "cyber war". See, for example, Obama Order Sped Up Wave of Cyberattacks Against Iran.
The U.S. government has invaded or bombed 27 countries since the end of the 2nd world war.
Constant war makes us poor.
By cyber pearl harbor, does he mean that the attack will destroy obsolete equipment, leaving critical infrastructure and equipment safe while at the same time providing an excuse for the US government to start a war?
> There is more likelihood of a million monkeys randomly typing for a million years to
> create one of Shakespeare's plays than for creating a truly secure OS in the manner
> described. And even coming close could not be done before whatever product is
> completely, totally irrelevant from obsolescence.
The first question in many security cases is "WTF was the idea behind connecting it to the internet?" Many SCADA systems are controlled by Windows computers which are often net connected. Disconnect the system from the net (wired and wireless), and turn off autorun/autoplay on the machines, disable USB port access for all but authorized personnel. It may not be perfect, but it'll be a lot better than today.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
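
Added example, not part of any comment above: a read-only PowerShell audit of the host settings the last comment lists for a Windows control workstation (AutoRun/AutoPlay policy, USB storage access, active network links). The function names are hypothetical, and the checks assume the machine-wide policy values are used; a disabled USBSTOR driver blocks USB storage for everyone, which is stricter than per-person authorization.

```powershell
# Read a registry value, returning $null when the key or value is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

# Report the removable-media and network posture of the local machine.
# Nothing is modified; the result is an object suitable for logging or export.
function Get-IsolationAudit {
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $usbstor  = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

    # 0xFF in NoDriveTypeAutoRun turns AutoRun off for every drive type.
    $autorun  = Get-RegValue -Path $explorer -Name 'NoDriveTypeAutoRun'
    # Start = 4 means the USB mass-storage driver is disabled.
    $usbStart = Get-RegValue -Path $usbstor -Name 'Start'

    # Any adapter that is Up is a potential bridge, wired or wireless.
    $activeLinks = @(Get-NetAdapter |
        Where-Object { $_.Status -eq 'Up' } |
        Select-Object -ExpandProperty InterfaceDescription)

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        AutoRunOffAllDrives   = ($autorun -eq 0xFF)
        NoDriveTypeAutoRun    = if ($null -eq $autorun) { '(not set)' } else { '0x{0:X}' -f $autorun }
        UsbStorageDisabled    = ($usbStart -eq 4)
        UsbStorStart          = if ($null -eq $usbStart) { '(not set)' } else { $usbStart }
        ActiveNetworkAdapters = $activeLinks
        NoActiveNetworkLinks  = ($activeLinks.Count -eq 0)
    }
}

# Print the audit for this machine; any False in the boolean columns
# marks a setting that differs from the hardening described in the comment.
Get-IsolationAudit | Format-List
```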